“Malware is nowadays more than a single enemy: online crime has unified the forces for targeting any online banking customer. Banking Malware is ubiquitous because it’s constantly updated via country-specific configuration files and with modular plugins to fit any banking web application. In addition it can defeat the most sophisticated security protections actually implemented.”

This project is about describing common flaws in security designs that have been adopted for protecting banking websites against malware, as well as a series of best practices that should be considered for evaluating and building better anti-malware solutions.
The project will be constantly updated with information taken from Owasp Community, Malware Analysis, Forensic Activities, as well as from any other validated source.

The project delivery will be divided into Two parts. The first part will be a document containing guidelines directed to Banking Web Infrastructures owners. This document will be kept intentionally as short as possible and will have the main goal to raise the awareness on Malware threats and to precisely name a series of checklists that should be taken into consideration to significantly improve website security against malware.

The second part will be a technical study dynamically updated in wiki-style format. The technical study will be the reference for the guidelines contained in the previous document. This study will try to analyze the most sophisticated Malware Techniques used in the 3 most spread Banking Malware families, as well as discuss the effectiveness of different security protections that are thought to be useful against Malware.

The Technical Study will be made up of two teams: MRE (Malware Reverse Engineering Team) and AMTS (Anti-Malware Technology Solutions Team). MRE team will be in charge of studying the malware samples and to inoculate the techniques used against banking Websites; AMTS team will harvest the internet for any Web Infrastructural solution that claims to be Malware Proof for identifying its strengths and weaknesses.